I would recommend using Jabber
(http://www.jabber.org)
* open source - you can audit the source
* source for both client and server side - that means you can run your own
internal jabber server.
* support for SSL encryption
We use Jabber here internally and we're very happy with it.
Chris Berry
[E
Check for trailing spaces in the file name.
Try this MS KnowledgeBase article
http://support.microsoft.com/default.aspx?scid=kb;en-us;320081
cdv
Chris DeVoney
Clinical Research Center Informatics
University of Washington
[EMAIL PROTECTED]
206-598-6816
If you are running Apache, check out mod_gzip:
http://sourceforge.net/projects/mod-gzip/
Here are some other compression solutions for various Web servers:
http://www.port80software.com/surveys/top1000compression/tools
Best,
Chris
:: ::
Chris Neppes
Port80 Software
Some programs insist on using dynamic high-level ports, and you have to allow
a huge range for it even though it may only use two ports at any given time.
There are just some cases it's not practical to have it locked down that
tight. Not using those programs also isn't always an option.
|-Or
From: Meidinger Chris <[EMAIL PROTECTED]>
I know you don't want to hear this, but remember that MS Windows NT or 2000
running in hybrid mode uses an NTLM hash to represent the password. This
hash represents only 7 characters, meaning that if you have a 21 character
password, it
sniffing traffic on that segment and pushing it outside the network. It
can create a really major incident.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
---
Just out of curiosity, what makes this software particularly interesting
for you?
Do you want to lock the servers with the event log or task manager showing,
and let people who are not allowed to 'touch' the servers monitor the logs
and load, or what?
badenIT GmbH
System Suppo
on that. It's pretty easy to disable the
storing of the LM hash permanently.
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Q: How many software engineers does it take to change a lightbulb ?
A: It ca
Sophos has complete remote management from an admin console. We even set up
sophos to scan logins and auto install itself on domain members.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
__
There are 10 kinds of people on the planet,
those who
In-Reply-To: <[EMAIL PROTECTED]>
I'm not sure about that particular protocol. But I will point you to
Agilent Technologies for a protocol analyzer, we've used them at work.
They're a hefty price but well worth it. :) www.agilent.com
Chris
www.cr-secure.net
>Received: (qmail 25605 inv
service advertisements are normally IPX, which can be used anywhere that it
is implemented ... primarily novell
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
-Original Message-
From: dos cerveza [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 12, 2003 10
tabbed windows, so you can start to learn what the arguments
do even before knowing they exist.
The helpfile/documentation is really easy to understand if you're new to
this kind of stuff. And the really technical stuff you probably won't
need to worry about yet...
--
Chris Wanstrath : [EMAIL
simple if you are willing to
take a day or two and write a database or set up an intelligent log server.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
-Original Message-
From: Alastair Cook [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2003 1:20 PM
To
best thing you can do for your computer knowledge. Just do it. I recommend
Gentoo from gentoo.org but everyone has their favorite.
Any other questions feel free to mail.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
-Original Message-
From: Sayo Venchetti
ind people entering their passwords, be careful. You
are liable to get slapped.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
-Original Message-
From: Adam Newhard [mailto:[EMAIL PROTECTED]
Sent: Friday, August 08, 2003 3:42 PM
To: [EMAIL PROTECTED]
Subject
an install all the clients
remotely over the network at the push of a button.
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Q: How many software engineers does it take to change a lightbulb ?
A: It can
It's a good idea to use one product on clients and another on the gateways
so that you benefit from two signature bases / two heuristic approaches from
two different companies.
just a thought, not criticism.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Fre
If port 80 is open, but does not go over a proxy, just have your FTP Server
listen there and set it for passive mode.
If port 80 does use a proxy, check to see if you can proxy your FTP over
that too. Most organizations allow proxied FTP, just not direct.
badenIT GmbH
System Support
Chris
The veterinarian's mouth:
cat /usr/share/nmap/nmap-services | grep
I do not mean this facetiously. Unfortunately IANA doesn't assign official
ports to backdoors.
-chris
-Original Message-
From: David Gillett [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 31, 2003
ur 21
char pass is barely stronger than a 7 character password. For this reason
complexity is very important in windows, and not length.
just a reminder for anyone in a windows environment who is setting password
requirements.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Fre
entire transaction, it's brilliant.
Let me know if you need more info?
- Original Message -
From: "Meidinger Chris" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "'Bob Freeman'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Thursday, Au
Also, modify header data and TCP/IP settings defeat tools like Nmap...
http://www.port80software.com/support/articles/maskyourwebserver
- Chris
:: ::
Chris Neppes
Port80 Software, Inc.
www.port80software.com
5252 Balboa Ave., Ste. 605
San Diego, CA 92117
[EMAIL
s to the switch?
|-Original Message-
|From: Sebastian Schneider [mailto:[EMAIL PROTECTED]
|Sent: Friday, August 08, 2003 3:10 PM
|To: CHRIS GRABENSTEIN; [EMAIL PROTECTED]
|Subject: Re: Network scanning
|
|
|On Friday 08 August 2003 14:19, CHRIS GRABENSTEIN wrote:
|
|> As far as the hard wires
A week ago I started a webhosting service for subdomains at
http://crystal-ninja.cjb.net . Now, of course, people need to ftp into their
public_html directory in their home dirs. I'm using proFTPd for that.
But now for the problem: I just got the idea to make a funny mail service.
People should b
Our firewall people just looked at that. I believe it is UDP 500.
cdv
Chris DeVoney
Clinical Research Center Informatics
University of Washington
[EMAIL PROTECTED]
206-598-6816
> -Original Message-
> From: [EMAIL PROTECTED] [
I don't think there is a really good way to do it. Filtering by MAC on the
access point is good, but MACs can be spoofed. The packets of course can
still be sniffed which could provide a lot of info. I'd recommend something
like LEAP authentication with Cisco access points. You have to use all-
In-Reply-To: <[EMAIL PROTECTED]>
Easiest way to do this is to open a prompt on the box and simply
type "netstat -a" if there's someone connected to the box it should point
you right to their IP address.
Chris
www.cr-secure.net
>Received: (qmail 22282 invoked from netw
I agree, authenticating on the firewall is the best way to go.
checkpoint fw-1 and rsa secureid work great together too for this.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
__
Es gibt 10 arten von Menschen auf dem Planeten,
welche die Binär
t person x was using ip y during the illegal movements.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
__
There are 10 kinds of people on the planet,
those who understand binary, and those who don't.
-Original Message-
I am very fond of Sophos AV from www.sophos.com.
I have had it in production with signature replication over 6 sites with
about 3000 users and it worked like a charm.
Licensing should also be fitting, they are pretty flexible.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108
canner) or there's many others
on the net I'm just not sure where at the moment. The IIS Lock down tools
do work well also, they filter out a lot of directory traversal attacks.
Chris
http://www.cr-secure.net (soon)
>Received: (qmail 16214 invoked from network); 5 Aug 2003 15:41:17 -
try the acct (sometimes called pacct) software set
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
__
There are 10 kinds of people on the planet,
those who understand binary, and those who don't.
-Original Message-
From
probably a week - to get everything working, but trust me, you will
learn much much more that will help you on the linux road... Just my 2/25 of
a quarter...)
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
__
There are 10 kinds of people on the planet
18 packets / sec when each port is being opened (meaning not in an ongoing
TCP Connection, but for example in a port scan) is a good average
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
__
There are 10 kinds of people on the planet,
those who
though), would be to go to administrative tools,
computer management, and remove the offending service there.
Bob
You can install the XP version and it works fine. Also you can add a control
applet called startup control, or use a program called regcleaner which also
has a startup panel.
Chris Berry
leaning out garbage like that. If it works you might consider sending a
donation, the developer does all that work for free.
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Q: How many software engineers does it take to change a lightbulb ?
A: It can't be done; it
e some sort of broadcast storm due to
misconfigured settings etc.. Try the packet sniffer first before you do
anything else, it's important to know what kind of traffic is leaving the
box before you try and fix the problem.
Chris
http://elusive.filetap.com
>Received: (qmail 12376 invoked fro
install them all over. Use zone alarm for
a personal firewall it's a much better personal windows firewall in my
honest opinion.
-- Chris
http://elusive.filetap.com
>Received: (qmail 2163 invoked from network); 30 Jul 2003 15:42:55 -
>Received: from outgoing2.securityfocus.com
ES as well. http://www.netfilter.org/
My honest advice to you would be to buy a 40$ home DSL/CABLE router, it's
much more secure and easier than securing a first time RedHat install
seeing as you're a bit new to it.
Hope that helps even a little bit.
Chris
http://elusive.filetap.com
>Received: (qmai
Ok, I had never seen it put in that way before. I had known about the /32
bit notation, but I had only seen the /e used as a netmask on the address.
Whereas /25 would be 255.255.255.128 in decimal notation. So I had never
seen it referred to 2**8 - 1 before.
Chris
From: Justin Pryzby
Ad Aware works quite well...
From: "Bill Hardstone" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Removing xupiter, spyware, malware
Date: Tue, 29 Jul 2003 06:14:06 -0400
Greetings,
Anyone has positively removed spyware/ adware/ malware/parasites i.e.
xupiters a
ss and actually exploiting your
application are like i said really low.
--chris
http://elusive.filetap.com
>Received: (qmail 20693 invoked from network); 25 Jul 2003 15:27:22 -
>Received: from outgoing2.securityfocus.com (205.206.231.26)
> by mail.securityfocus.com with SMTP; 25 Jul 2003
to check if something is running is process explorer from
sysinternals (www.sysinternals.com). It has helped me in numerous
situations that things seem strange and when I checked what processes are
running, I discovered what was draining the system and what was doing the
damage.
Chris
From
It is a virus, probably Magistra.Worm. Check your Antivirus definitions.
Otherwise go to Trend Micro's HouseCall and perform a Virus Scan.
From: "Enquiries" <[EMAIL PROTECTED]>
Reply-To: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: problem on personal pc not server
Date: Thu, 24 Jul 2
I'm not sure how reliable this is, but I generally check the modified date on
ntuser.dat under each profile directory. This would only work with local
profiles I believe and could be circumvented if the user is so motivated.
Does anyone know of problems with this method assuming the user isn't ove
From: "Dana Epp" <[EMAIL PROTECTED]>
How about setting something up like a wiki and allowing for the public to
build the FAQ from that?
That sounds like a much better idea than most that have been brought up so
far.
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associate
Apache/IIS configurations, or at least a link to where you can read
about secure webserver configurations.
4. Setting up basic firewall ACL's. How to block/open ports.
Ok that's all :)
-- Chris
http://elusive.filetap.com
>Received: (qmail 23684 invoked from network); 18 Jul 2003
set up using life with qmail instead, that's what
all the serious qmail admins follow. www.lifewithqmail.org
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"The number of the beast vi vi vi." --Delexa Jones
_
trick? Perl has some pretty easy to use encryption modules, should be
fairly simple to set up what you're looking for, probably less than a week
of coding by one of your staff.
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"The number of the beast vi vi vi."
> I received this mail below, and call me paranoid, but I think
> this may be a ploy by Thawte to generate additional business.
I disagree. This may very well be a chance for Thawte to lose money due
to the flaws in their system. I feel that they are working the best they
can to ensure that thes
I'm not sure, but I'd imagine that when a host is having traffic directed
towards it, the next DNS change(s) is already working through the system.
Maybe DNS updates are made every 10 minutes, but the actual window that it's
in effect fluctuates a bit.
|-Original Message-
|From: James [mai
I'm not sure how well this would scale, but it seems like a good system.
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Encrypt everything, and ask questions later."
l doesn't compare to PatchLink
(IMHO).
Good luck.
Chris
-Original Message-
From: Su Wadlow [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 2:28 PM
To: [EMAIL PROTECTED]
Subject: Re: Deploying Microsoft patches
--On Friday, July 11, 2003 2:47 AM -0700 Ronish Mehta
our stuff.
Hope this was a help,
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
__
There are 10 kinds of people on the planet,
those who understand binary, and those who don't.
-Original Message-
From: Ivan Coric [mailto:[
out on a need to know basis.
There are, in my opinion, many advantages to having a human factor in the
equation rather than relying on machines.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
__
There are 10 kinds of people on the planet,
those who
dows* or is there added functionality? Do you
think there's anything in the port (or anything that may have been added)
that could make it any more or less secure than running it on a *nix
server?
Sincerely,
Chris Ess
System Administrator / CDTT (Certified Duct Tape Technician)
---
ld be listening on that port.
I would be happy to help you more if you like. Just send me email with the
results of the four things above.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
-Original Message-
From: Charley Hamilton [mailto:[EMAIL PROT
addys and wanted to mention that I noticed this.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
-Original Message-
From: Sanjay Arora [mailto:[EMAIL PROTECTED]
Sent: Saturday, July 05, 2003 5:25 PM
To: [EMAIL PROTECTED]
Subject: Re: Getting an IP
your own answers to the above. Additional knowledge can't hurt,
right?)
Thanks in advance to all.
Sincerely,
Chris Ess
System Administrator / CDTT (Certified Duct Tape Technician)
d into a web
browser. I am personally unaware of any security issues with Eudora in
the recent future, but my memory could be lying to me.
Sincerely,
Chris Ess
System Administrator / CDTT (Certified Duct Tape Technician)
Hey, even Trinity exploited SSH in The Matrix. How hard can it be?
It's like anything else: there is the occasional 'sploit, but
misconfiguration is the real danger.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
-Original Message-
From: C
Woah slow down there pardner.
If you buy any proxy server because it can do "etc." then you made a bad
decision.
Tell us more exactly what you want and we can recommend, but there are a lot
of proxy servers that support etc.
badenIT GmbH
System Support
Chris Meidinger
Tulla
I use gentoo linux from www.gentoo.org on all my boxes, both my private and
work machines.
Runs great on an IBM T23, and I've had it on T21, A31p and other Lappys.
It's worth a look for sure.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
-Urs
e this product extensively, and while there have been a few
problems discovered, for the most part it seems very secure, do you have
something to add to your earlier statement? By the way, you can disable
root logins fairly easily.
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"
From: <[EMAIL PROTECTED]>
I recommend the following be identified as the most insecure:
1. Freeware
2. Shareware
I fail to see how the license can make software insecure, qmail is free as
in beer, yet is very secure.
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"
From: Ansgar Wiechers <[EMAIL PROTECTED]>
On 2003-07-01 Chris Berry wrote:
> > From: "Depp, Dennis M." <[EMAIL PROTECTED]>
> > I think you left off the biggest security leak at Microsoft, namely
> > Internet Explorer (any version).
>
> I didn't t
ufacturer.
Use white box, it's cheaper.
7 Anything with a button.
That's what safety covers are for.
8 Calculators.
Well, my old HP48SX has an infra-red port, so I suppose theoretically it
could be hacked.
9 David Letterman.
Agreed, maybe I should add that to my list.
10 rm -rf /
Th
o change the
mentality from "I need X software, do it or else" to "I need to do X task,
can you recommend and set up something to take care of this"
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Encrypt everything, and ask questions later."
_
Willing but unable due to internal company regulations. Log files are a
touchy issue, can't have that stuff archived on the public net.
If you would like to know more about how we did it please feel free to give
me a private mail.
badenIT GmbH
System Support
Chris Meidinger
Tullastras
Are you willing to share some of that .HTA code with the rest of us?
I would be interested in seeing how it is done with the .hta code.
Thanks,
Chris
[EMAIL PROTECTED]
-Original Message-
From: Meidinger Chris [mailto:[EMAIL PROTECTED]
Sent: Friday, July 04, 2003 5:15 AM
To: 'St
Bob,
Do you know if it is possible to set two IP's on a Micro$oft Server for use
for one to access the internet and the other to accept VPN connections.
Chris
From: "Bob Walker" <[EMAIL PROTECTED]>
To:
<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>
Subject: RE:
ted to you could dump them much more
often. If you want it in real time though, I suspect you will need either a
commercial product or you will have to take a deep look into the windows log
architecture.
Cheap, but effective.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
7910
t low level, therefore there isn't much we can do
about it. However even if that were not true, C is so widespread there is
no practical way to stop using it.
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Encrypt everything, an
t block that host on the firewall.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
-Original Message-
From: Thom Larner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 01, 2003 1:38 AM
To: '[EMAIL PROTECTED]'
Subject: Port scanning que
ng
else.
DJBDNS http://www.djbdns.org/
I like Dan's software (I use qmail right now), is that a full replacement or
just a small subset?
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Encrypt everything, and ask questions later."
f you move your domain to native
mode and implement Kerberos authentication (list - correct me if I am wrong)
you should get rid of this problem.
badenIT GmbH
System Support
Chris Meidinger
Tullastrasse 70
79108 Freiburg
-Original Message-
From: hong li [mailto:[EMAIL PROTECTED]
Gese
From: Jacob <[EMAIL PROTECTED]>
Remote Registry Service
What's dangerous about that, you have to be logged in as admin to use it
anyways, if they have access to that account you're already screwed.
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Encryp
From: NC Agent <[EMAIL PROTECTED]>
Chris,
I don't mean to be rude, but I think you have that wrong.
I don't think any of these are as vulnerable as Windows 9x and ME.
Telnet certainly doesn't have the user base as these products.
I would certainly put these at the top of the
ce DEC 2001 when I got hired here. Would you believe
they had everyone using the same password and 50% of the employees were in
the domain admins group? My policy is to lock it down till they start
screaming bloody murder, then back off just a little. You have to do this
slowly though or it inter
itself
BIND - Really bad history of problems, monolithic, too much root, use djbdns
instead
- Still looking for one more
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Encrypt everything, and ask questions later."
___
best OS I've ever used for a desktop. However I do feel that some
of their software is poorly written and designed to do too much all in one
package.
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Encrypt everything, and ask questions later."
__
y secure" for the moment by applying the
patches, but most of things I listed have a history of new vulnerabilities
popping up all the time, which was what I was trying to get across. How
many people have had to cancel their vacation because of a qmail or postfix
vulnerability - Zero, how many
From: Paul Hawkinson <[EMAIL PROTECTED]>
Chris didn't mention that he was talking about the AVG free edition. We
are running AVG on our servers and workstations. It is really a great
piece of antivirus software.
That part must have gotten snipped out because what I was originally tal
lack of encryption).
That's mostly what I was looking for, programs etc. whose basic design is
poor and has a tendency to produce a higher amount of security problems than
their alternatives, my apologies if I was a bit unclear.
Chris Berry
[E
From: "Simon Quirk" <[EMAIL PROTECTED]>
Chris Berry said:
> But if you have an actual argument I'd be happy to hear it.
How about:
So Apache has like 17 vs maybe 50 or so for IIS, that seems relevant to me.
And that's just the http, whereas iis does http, smtp, ftp.
tp://www.linuxsecurity.com/articles/documentation_article-6857.html for a
four part article on making the switch.)
I like Dan's software (using qmail now) is djbdns a full replacement or just
a small subset?
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Encrypt
From: Devdas Bhagat <[EMAIL PROTECTED]>
On 28/06/03 15:08 -0700, Chris Berry wrote:
> I'm putting together a list of what seem to be the ten least secure
computer
> items in use today with the idea of having a set of things to recommend
1) Passwords. Use RSA/DSA keys instead.
P
allowing users to run arbitrary code.
Well, I was looking more for things that were poorly designed.
IPv4 should be on there too.
Can't really do much about that.
Oh, and network HP printers if that counts
Uh, why?
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Encrypt
rver
5) Wireless networking - Unless used with extreme paranoia
6) PHP - It seems to make it easy to write insecure code.
7) R services (rsh, rcp, rlogin)
8) ActiveX - mostly because of what it's used for not the actual protocol.
9) BIND
10) ?
Chris Berry
[EMAIL PROTECTED]
Depending on your clients, you might list such things as KAZAA and Hotbar.
Chris Smith
Network Administrator
USA Hockey, Inc.
-Original Message-
From: Chris Berry [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 01, 2003 11:50 AM
To: [EMAIL PROTECTED]
Subject: RE: Ten least secure programs
atives,
but right now I'm exploring djbdns to see if it's a full replacement.
Another candidate would be the "r" services (rsh, rlogin, rcp, etc.)
Yeah, I added those, a lot of people have mentioned them.
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associate
atly appreciate any input, pointer, suggestions.
Chris
osoft IIS 3.0/4.0 Upgrade BDIR.HTR Vulnerability
1999-06-01: Microsoft IIS Long URL Denial of Service Vulnerability
I think you should also include FTP and NFS in
your list.
FTP I'm researching, I've heard that some FTP servers are exploitable.
What's wrong with NFS?
Chri
truly
objective, well researched list to answer your question as it currently
stands.
I'm not looking for objectivity, I'm looking for subjective opinions of
experts.
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Encrypt everything, and ask questions later."
python ;^P
It just seems like I get a ton of vulnerability reports from PHP itself and
programs written using it, could be because it's popular, but I don't think
that's the whole story.
Chris Berry
[EMAIL PROTE
t IIS '../..' Denial of Service Vulnerability
1999-06-01: IIS 4.0 fpcount.exe Buffer Overflow Vulnerability
1999-06-01: Microsoft IIS 3.0/4.0 Upgrade BDIR.HTR Vulnerability
1999-06-01: Microsoft IIS Long URL Denial of Service Vulnerability
But if you have an actual argument I'd be ha
From: "Paul Kurczaba" <[EMAIL PROTECTED]>
7) AOL Instant Messenger
Hadn't heard of that being a problem, what's wrong with it?
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"Encrypt ever
browsers in general.
9)Windows Media Player
Haven't heard of many problems here, what gives?
10)Microsoft Outlook (yes, it needs to be listed twice)
Probably should be but I'm only listing things once, hehe.
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"
Chris,
I don't mean to be rude, but I think you have that wrong.
I don't think any of these are as vulnerable as Windows 9x and ME.
Telnet certainly doesn't have the user base as these products.
I would certainly put these at the top of the list - especially if they
are
e or usability bugs, only security
ones, so I don't agree. If your IE is fully patched and configured it's not
that bad. (though I personally use Mozilla instead because of the nice
features).
Chris Berry
[EMAIL PROTECTED]
Systems Administrator
JM Associates
"En